Bridging the cyber talent gap

4 million professionals are urgently needed to fill the widening gap in the global cyber security workforce. A combination of insufficient training programs, persistent cultural barriers, and deep-rooted misconceptions about the industry is making it nearly impossible to keep up. A recent study warns that the demand is so persistent, there’s “little optimism that the supply will catch up.”¹

Instead of focusing solely on how to find more people, it’s time to shift the conversation to how we can empower and elevate the talent we already have.

While other tech sectors are going through layoffs, cyber security teams are desperately trying to hire. But despite years of spotlighting the talent shortage, the gap keeps growing. Here’s why:

• The job is only getting harder
  The attack surface is expanding with more data, transactions, and operations moving online. 66% of cyber security professionals say their work has become more challenging in the past two years.² Without practical experience, defending increasingly complex systems has become a high-stress, high-stakes mission.

• Burnout is pushing people out
  Long hours, constant pressure, and a never-ending stream of incidents are taking a toll. More than 1 in 3 cyber security professionals are planning to leave the field, creating a vicious cycle of understaffing and overwork.²

• Entry barriers are high
  Many cyber security roles list many requirements—multiple degrees, certifications, and years of experience in a constantly evolving field. 90% of leaders prefer to hire candidates with technology-focused certifications, an increase from previous years.³  This deters diverse, capable candidates from even applying, especially when certifications are often seen as proof of cyber security knowledge and skills.

• High stakes make the field intimidating
  The global average data breach cost hit a record USD 4.88 million in 2024, up 10% from the previous year.⁴ Cyber security is one of the few fields where learning on the job can come with million-dollar consequences. The pressure to perform flawlessly from day one may discourage new talent, especially those transitioning from adjacent roles or just starting.

• Training takes a back seat
  With teams already stretched thin, professionals often lack the time, support, or structured opportunities to learn how to use these tools effectively. Without ongoing training and upskilling, even the best technology can’t reach its full potential, widening the skills gap even further. It is found that the lack of resources and skills is the biggest challenge when designing for cyber resilience for 52% of public organisations.⁵ 

• Diversity is still lacking
  The field remains overwhelmingly homogeneous, and diverse perspectives enable better problem-solving.  Only 25% of cyber security workers are women, and representation among people of colour remains low, especially in leadership roles. Without inclusive hiring and retention strategies, the talent pool will remain limited.²

Slide decks and awareness videos have their place, but when a real attack unfolds, teams need more than passive knowledge. Unlike other roles, a single mistake in cyber isn’t isolated. A phishing email, a misconfigured system, or a delayed response can ripple across an entire organisation, impacting everything from operations to customer trust.

Yet, most employees have never been trained to handle a cyber incident in real time.

Scenario-based training, such as simulated attacks, cyber drills, and hands-on response exercises, bridges the gap between knowing and doing. They prepare teams not just to recognise threats, but to respond swiftly and effectively when they strike. Just like firefighters drill for emergencies, cyber teams must regularly simulate attacks to build muscle memory and decision-making under pressure.

Security training should be a core part of an organisation’s business continuity strategy. Investing in cyber readiness means:

• Training leadership to make fast, well-informed decisions, as their response can shape the outcome of a cyber crisis and public trust.

• Equip first responders with hands-on breach experience to reduce hesitation and improve response time when real threats hit.

• Run cyber drills that pressure-test coordination, communication, and resilience across an organisation. They reveal gaps before real attackers do and help teams build the confidence to face future threats together.

Singapore is facing a shortage of around 4,000 cyber security professionals⁶ , and across the Asia Pacific, that number is 3.7 million.⁷The Ministry of Manpower has released its 2025 talent shortage list⁸, and cyber security roles are leading the pack. High-demand positions include cyber defence incident responders, security operations analysts, and threat monitoring specialists.⁸

Ng Tian Chong, CEO of Singtel Singapore, shared in a recent podcast that solving this cyber gap challenge isn’t just about hiring more people—it’s about widening the talent pool and creating clear, accessible pathways into the profession.⁹

That’s where national initiatives like SG Cyber Talent and the Skills Pathway for Cybersecurity come in.

Led by the Cyber Security Agency of Singapore (CSA), SG Cyber Talent is focused on nurturing interest from a young age while supporting professionals in deepening their expertise. Since 2015, CSA has worked with industry, government, and education partners to develop a thriving cyber workforce, and now, efforts are accelerating.¹⁰

The Skills Pathway for Cybersecurity is designed to help anyone from any background pivot into the field, with no prior tech experience required. The curriculum is modular, flexible, and industry-led, making it practical for busy professionals exploring mid-career shifts. As a founding employer in the Skills Pathway, Singtel is playing an active role in shaping the future of cyber security talent in Singapore.⁹

The Singtel Cyber Security Institute (CSI) offers comprehensive solutions to bolster cyber resilience. Through hands-on cyber drills and scenario-based training, your teams gain practical experience to effectively detect, respond to, and recover from cyber incidents.

Leadership briefings are designed to keep executives informed about the latest cyber threats, fostering informed decision-making during crises. Programs like Cyber Range provide realistic simulations of cyber-attacks, allowing teams to practice defence strategies in a controlled environment.

At the same time, First Incident Responder (FIRE) training equips first responders with the skills needed for immediate action during security breaches. Recognising the importance of accessibility, the Singtel Cyber Elevate Programme offers subsidised training, making it easier for organisations to cultivate a robust cyber security culture.

With Singtel CSI,  you're building a resilient foundation to navigate the complexities of today's cyber threat environment. 
Equip your workforce with the right skills to deal with a cyber attack.